From d23aaca635d3b1f273bb0d1a931118b57c92832c Mon Sep 17 00:00:00 2001
From: Damien De Paoli
Date: Thu, 8 Jan 2026 16:33:23 +1100
Subject: [PATCH] convert to nfrastack ldap, and rename openldap to ldap, added a mqtt dev temporarily and made uptime-kuma tag be able to update in the :2 releases
---
docker-compose.yml | 67 ++++++++++++++++++++++++++--------------
secrets/ldap-mail-common | 1 +
2 files changed, 44 insertions(+), 24 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index fde4d82..e6e1513 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -191,7 +191,7 @@ services:
- "last.commit.url=https://api.github.com/repos/docker-mailserver/docker-mailserver/commits"
depends_on:
- adguard
- - openldap
+ - ldap
volumes:
- /srv/docker/container/mail/data:/var/mail
- /srv/docker/container/mail/state:/var/mail-state
@@ -233,7 +233,7 @@ services:
- DMS_DEBUG=0
- LOG_LEVEL=warn
- ACCOUNT_PROVISIONER=LDAP
- - LDAP_SERVER_HOST=ldap://openldap:389 # using IP, as we changed over container names
+ - LDAP_SERVER_HOST=ldap://ldap:389 # using IP, as we changed over container names
- LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
- LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
@@ -244,7 +244,7 @@ services:
- DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- - SASLAUTHD_LDAP_SERVER=ldap://openldap:389
+ - SASLAUTHD_LDAP_SERVER=ldap://ldap:389
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
- SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
- SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
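Review bot: The trailing comment on the new `LDAP_SERVER_HOST` line still reads "using IP, as we changed over container names", but the value `ldap://ldap:389` refers to the container name, so the comment now states the opposite of what the line does (it was already stale on the removed line, and this commit kept it). Drop it, or replace it with something that matches the configuration, e.g. `# resolves the ldap service on the compose network; keep in sync with that service's name`. The `mail` service this hunk belongs to starts before and continues after the hunk.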
@@ -256,18 +256,21 @@ services:
cap_add:
- NET_ADMIN
- openldap:
- image: ghcr.io/tiredofit/docker-openldap:2.6-latest
- container_name: openldap
- hostname: openldap
+ ldap:
+ image: docker.io/nfrastack/openldap:2.6
+ container_name: ldap
+ hostname: ldap
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
- - "last.commit.url=https://api.github.com/repos/tiredofit/docker-openldap/releases/latest"
+ - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
environment:
DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au"
+ ORGANIZATION: "De Paoli"
ENABLE_BACKUP: false
+ ENABLE_TLS: "false"
+ ENABLE_REPLICATION: "false"
env_file:
- /srv/docker/config/secrets/ldap-mail-common
tty: true
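Review bot: `ENABLE_TLS: "false"` makes the new ldap service a plaintext-only directory while the service still publishes `- "0.0.0.0:389:389"` on every host interface (visible in the next hunk), so any client outside the compose network that uses the published port sends its simple-bind credentials in the clear; the same combination is added for ldap-dev on 1389 in the following hunks. If only other containers need the directory, drop the `ports:` entry or bind it to a specific address (constructed example: `- "127.0.0.1:389:389"`); otherwise enable TLS on the image rather than pinning it off. A smaller style point: `ENABLE_BACKUP: false` is now the only bare YAML boolean next to the quoted `ENABLE_TLS`/`ENABLE_REPLICATION`, so write `ENABLE_BACKUP: "false"` to keep the environment block consistently strings. The ldap service definition continues into the next hunk.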
@@ -275,29 +278,30 @@ services:
depends_on:
- adguard
volumes:
- - /srv/docker/container/ldap/data:/var/lib/openldap
- - /srv/docker/container/ldap/slap.d:/etc/openldap/slapd.d
+ - /srv/docker/container/ldap/data:/data/db
+ - /srv/docker/container/ldap/slap.d:/data/config
+ - /srv/docker/container/ldap/custom-scripts:/container/data/openldap/config/bootstrap/custom
- /srv/docker/container/ldap/bootstrap-schema:/assets/bootstrap-schemas
- /srv/docker/container/ldap/bootstrap-ldifs:/assets/bootstrap-ldifs
- - /srv/docker/container/ldap/custom-scripts:/assets/custom-scripts
- /etc/localtime:/etc/localtime:ro
ports:
- "0.0.0.0:389:389"
ldap-dev:
- image: ghcr.io/tiredofit/docker-openldap:2.6-latest
+ image: docker.io/nfrastack/openldap:2.6
container_name: ldap-dev
hostname: ldap-dev
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
- - "last.commit.url=https://api.github.com/repos/tiredofit/docker-openldap/releases/latest"
+ - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
environment:
DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au"
- LDAP_URLS: "ldap://0.0.0.0:1389"
+ ORGANIZATION: "De Paoli"
ENABLE_BACKUP: false
- # Add TLS, replication, etc. here if needed
+ ENABLE_TLS: "false"
+ ENABLE_REPLICATION: "false"
env_file:
- /srv/docker/config/secrets/ldap-mail-common
tty: true
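Review bot: The volume remap moves the database, config and custom-script mounts to the new image's `/data/db`, `/data/config` and `/container/data/openldap/config/bootstrap/custom`, but the bootstrap-schema and bootstrap-ldifs mounts are left at the previous image's `/assets/bootstrap-schemas` and `/assets/bootstrap-ldifs`; unless the nfrastack image reads the same locations (not verifiable from this diff), the custom schemas and LDIFs will silently stop being applied. Confirm the paths against the new image's documentation, and add a one-line comment above the volume list naming which image layout they follow, e.g. `# container paths follow the nfrastack/openldap layout; /assets/* retained from the previous image`. The same remap is repeated for ldap-dev in the next hunk. The ldap service this hunk starts in begins in the previous hunk.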
@@ -305,11 +309,11 @@ services:
depends_on:
- adguard
volumes:
- - /srv/docker/container/ldap-dev/data:/var/lib/openldap
- - /srv/docker/container/ldap-dev/slap.d:/etc/openldap/slapd.d
+ - /srv/docker/container/ldap-dev/data:/data/db
+ - /srv/docker/container/ldap-dev/slap.d:/data/config
+ - /srv/docker/container/ldap-dev/custom-scripts:/container/data/openldap/config/bootstrap/custom
- /srv/docker/container/ldap-dev/bootstrap-schema:/assets/bootstrap-schemas
- /srv/docker/container/ldap-dev/bootstrap-ldifs:/assets/bootstrap-ldifs
- - /srv/docker/container/ldap-dev/custom-scripts:/assets/custom-scripts
- /etc/localtime:/etc/localtime:ro
ports:
- "0.0.0.0:1389:389"
@@ -336,7 +340,7 @@ services:
depends_on:
- adguard
- mail
- - openldap
+ - ldap
environment:
- ROUNDCUBEMAIL_DB_TYPE=sqlite
- ROUNDCUBEMAIL_SKIN=elastic
@@ -376,7 +380,7 @@ services:
- seccomp:unconfined
depends_on:
- adguard
-# - openldap
+ - ldap
volumes:
- /srv/docker/container/hass:/config
# this line adds known hosts file to /root's .ssh so the 'command line authenticaion' works on login on every new container
@@ -428,6 +432,22 @@ services:
# to note with network_mode: host, this works via localhost --> traefik routes this to http://127.0.0.1:8095"
- "traefik.http.services.mass.loadbalancer.server.port=8095"
+ mosquitto-dev:
+ container_name: mosquitto-dev
+ image: eclipse-mosquitto:latest
+ restart: always
+ volumes:
+ - /srv/docker/container/mosquitto-dev:/mosquitto
+ - /srv/docker/container/mosquitto-dev/data:/mosquitto/data
+ - /srv/docker/container/mosquitto-dev/log:/mosquitto/log
+ - /etc/localtime:/etc/localtime:ro
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ - "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits"
+ ports:
+ - "0.0.0.0:10883:1883"
+ - "0.0.0.0:18883:8883"
+
mosquitto:
container_name: mosquitto
image: eclipse-mosquitto:latest
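Review bot: In the new mosquitto-dev service (hunk at 428) the host directory `/srv/docker/container/mosquitto-dev` is mounted at `/mosquitto` and then its own `data` and `log` subdirectories are mounted again at `/mosquitto/data` and `/mosquitto/log`; the two child mounts are redundant with the parent mount and can be dropped. The broker is also published on all interfaces (`0.0.0.0:10883` and `0.0.0.0:18883`) and tracks `eclipse-mosquitto:latest` under watchtower, while nothing in the compose file shows whether the mounted broker config requires client authentication — for a service the commit message calls temporary, binding the ports to a specific address and adding a comment above the service such as `# temporary dev broker — remove once <condition> is met` makes the intent and the removal trigger visible. Unlike the neighbouring services it has no `depends_on: - adguard`; presumably deliberate, but worth confirming.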
@@ -842,7 +862,6 @@ services:
restart: always
depends_on:
- adguard
- - openldap
volumes:
- /srv/docker/container/vaultwarden:/data
- /etc/localtime:/etc/localtime:ro
@@ -920,7 +939,7 @@ services:
- "/etc/localtime:/etc/localtime:ro"
mon:
- image: louislam/uptime-kuma:2.0.2
+ image: louislam/uptime-kuma:2
container_name: mon
restart: always
volumes:
@@ -1171,7 +1190,7 @@ services:
- /srv/docker/container/samba/mara-bin:/root/mara-bin
depends_on:
- adguard
- - openldap
+ - ldap
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=false"
@@ -1196,7 +1215,7 @@ services:
- /srv/docker/container/ftp/mara-bin:/root/mara-bin
depends_on:
- adguard
- - openldap
+ - ldap
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=false"
diff --git a/secrets/ldap-mail-common b/secrets/ldap-mail-common
index a02da84..906a86f 100644
--- a/secrets/ldap-mail-common
+++ b/secrets/ldap-mail-common
@@ -3,5 +3,6 @@ LDAP_ADMIN_PASSWORD=a_real_admin_pass_word_for_2o20
LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD}
# needed for tiredofit containers
ADMIN_PASS=${LDAP_ADMIN_PASSWORD}
+CONFIG_PASS=another_config_password_for_2025
# to note, this is unused at the moment as SASL doesnt work, but leaving this set as it wont impact anything
SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD}
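Review bot: `CONFIG_PASS=another_config_password_for_2025` adds a second literal credential to `secrets/ldap-mail-common`, a file this diff shows is tracked in the repository next to `LDAP_ADMIN_PASSWORD`; once committed the value stays in git history even if the file is cleaned later. Keep only a placeholder in the tracked copy and supply the real value through an untracked file at the `env_file` path the compose file already points at, and if the committed string is the live value, treat it as exposed and rotate it. The comment `# needed for tiredofit containers` above `ADMIN_PASS` is also out of date now that the compose file runs the nfrastack image; `# ADMIN_PASS / CONFIG_PASS are read by the tiredofit-derived nfrastack openldap image` would keep it accurate.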